Hi Viktor,

Thanks for the clarification. You are absolutely right, I must be mixing up SSL 
and SASL. I'll make sure that it is clear to me tonight.

You are also right that openrelay.customer.com has a non-working STARTTLS. They 
actually have neither authentication nor encryption. This is actually my 
current 'challenge': how to set this relay up without encryption and 
authentication while keeping our current config for other relays (encryption + 
authentication).

Emmanuel

On 22.10.18, 18:36, "Viktor Dukhovni" <owner-postfix-us...@postfix.org on 
behalf of postfix-us...@dukhovni.org> wrote:

    
    
    > On Oct 22, 2018, at 11:01 AM, Emmanuel Jaep <emmanuel.j...@gmail.com> wrote:
    > 
    > I just tried the configuration you were proposing:
    > Main.cf
    > mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 openrelay.customer.com
    > smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    
    Those are Postfix SMTP *server* settings that only affect *inbound* email.
    
    > But I keep on getting:
    > postfix/smtp[2540]: SSL_connect error to openrelay.customer.com [xx.xx.xx.xx]:25: -1
    > postfix/smtp[2540]: warning: TLS library problem: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c
    
    These are logs from the Postfix SMTP *client*, trying to send *outbound* email.
    They are completely unrelated.
    
    > I believe that the parameters
    > smtpd_use_tls=yes
    
    This is an unrelated *server* setting.
    
    > smtp_sasl_auth_enable = yes
    
    This enables SASL outbound, but can't possibly cause TLS/SSL connection problems.
    DO NOT confuse SSL and SASL.
    
    > are forcing to use sasl...
    
    No.  The real issue is that "openrelay.customer.com" has non-working STARTTLS.
    
    -- 
        Viktor.
    
    


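The client/server and TLS/SASL distinction drawn in the quoted reply, as an added triage sketch that is not part of the thread: it labels each main.cf setting and each log line by side (`smtp` client vs `smtpd` server) and layer, then lists only the settings that sit on the same side and layer as a logged failure. The function names, the sample text (constructed from the lines quoted above) and the treatment of `mynetworks` as server-side (following the reply) are assumptions of this example.

```python
import re

# Constructed sample input, modelled on the settings and log lines quoted in the thread.
MAIN_CF = """\
mynetworks = 127.0.0.0/8 [::1]/128 openrelay.customer.com
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_use_tls = yes
smtp_sasl_auth_enable = yes
"""
LOG = """\
postfix/smtp[2540]: SSL_connect error to openrelay.customer.com [xx.xx.xx.xx]:25: -1
postfix/smtp[2540]: warning: TLS library problem: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c
"""

LOG_RE = re.compile(r"postfix/(?P<daemon>[a-z]+)\[\d+\]: (?P<msg>.*)")
ROLE_BY_DAEMON = {"smtp": "client", "smtpd": "server"}  # daemon name in the log tag
UNPREFIXED_SERVER = {"mynetworks"}  # assumption: server-side, as the reply describes it

def classify_param(name):
    """Return (role, layer) for a main.cf parameter name."""
    if name.startswith("smtpd_") or name in UNPREFIXED_SERVER:
        role = "server"   # inbound: Postfix accepting mail
    elif name.startswith("smtp_"):
        role = "client"   # outbound: Postfix delivering mail
    else:
        role = "other"
    parts = name.split("_")
    layer = "sasl" if "sasl" in parts else "tls" if "tls" in parts else "other"
    return role, layer

def parse_params(main_cf):
    names = (l.split("=", 1)[0].strip() for l in main_cf.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {n: classify_param(n) for n in names}

def parse_log(log):
    """Return the set of (role, layer) pairs seen in the log lines."""
    events = set()
    for m in LOG_RE.finditer(log):
        msg = m["msg"]
        layer = "tls" if ("SSL" in msg or "TLS" in msg) else "sasl" if "SASL" in msg else "other"
        events.add((ROLE_BY_DAEMON.get(m["daemon"], "other"), layer))
    return events

def triage(main_cf, log):
    """Names of settings on the same side and layer as a logged failure."""
    events = parse_log(log)
    return sorted(n for n, rl in parse_params(main_cf).items() if rl in events)
```

On the sample input `triage(MAIN_CF, LOG)` returns an empty list: the failure is client-side TLS, while the quoted settings are either server-side or SASL.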